The ransomware group BlackByte, believed to be a spin-off of the infamous Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability to gain control over virtual machines and escalate privileges within compromised environments. The pivot, discovered by Cisco Talos Incident Response, shows BlackByte’s ability to quickly integrate new vulnerabilities
admin
Sep 02, 2024The Hacker NewsCybercrime / CISO Insights The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new
In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two infamous commercial spyware vendors. In a new report, Google Threat Analysis Group (TAG) shared insights on two watering hole attacks targeting Mongolian government websites between November 2023 and
Aug 31, 2024Ravie LakshmananRootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a
Published vulnerabilities rose by 43% in H1 2024 compared to H1 2023, with attackers heavily targeting flaws in virtual private networks (VPNs) and other perimeter devices for initial access, a new report from Forescout has found. A total of 23,668 vulnerabilities were reported in the first six months of 2024, with an average of 111
ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE-2024-7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon analyzing the root cause, we subsequently discovered another way to exploit the faulty code (CVE-2924-7263). Following a coordinated disclosure process, both vulnerabilities are now patched – in this blogpost,
Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that’s
A recent surge in malicious activity involving North Korean-linked threat groups has been identified by cybersecurity researchers, revealing a coordinated campaign targeting thenpm ecosystem. The campaign began on August 12 2024, and involved publishing malicious npm packages designed to infiltrate developer environments and steal sensitive data. The newly discovered packages, including temp-etherscan-api, ethersscan-api and telegram-con, exhibit
Video The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become 28 Aug 2024 Recently, ESET Researchers have discovered a crimeware campaign that targeted the clients of prominent Czech banks. The malware, named NGate by ESET, can relay data from victims’ stored payment cards via a
Aug 30, 2024Ravie LakshmananCryptocurrency / Malware Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating “coordinated and relentless” efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named
Ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018, impacting over 8000 educational institutions and exposing 6.7 million individual records. According to a new report by Comparitech, estimated costs exceed $2.5b in downtime alone as schools struggle to restore systems, recover data and strengthen cybersecurity measures.
Internet of Things In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors Márk Szabó 27 Aug 2024 • , 4 min. read Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status.
Aug 29, 2024Ravie LakshmananOnline Crime / Privacy French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread
A vulnerability in Microsoft 365 Copilot that allowed attackers to steal users’ sensitive information has been disclosed by a cybersecurity researcher. Johann Rehberger, who discovered the flaw, described the exploit chain in a blog post published on August 26. The attack combines several advanced techniques, including prompt injection, automatic tool invocation and a novel method called
Aug 28, 2024Ravie LakshmananSoftware Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS
A long-standing but stealthy group allegedly helping cyber-attackers penetrate IT systems by offering CAPTCHA-solving services has recently been discovered. In a new report, Arkose Cyber Threat Intelligence Research (ACTIR) shared that it had identified a cyber-attack enabling business it named Greasy Opal after observing the group’s tools being used to attack Arkose Labs’ customers. Greasy
Video, Mobile Security The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure 26 Aug 2024 Android threats are a serious business. Among them is the Blue Ducky script, which
Aug 27, 2024Ravie LakshmananAI Security / Vulnerability Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. “ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user
YouTube has released a new AI troubleshooting tool to help users recover their accounts after they’ve been hacked. The AI chatbot “support assistant” will act as a guide for users to resecure their login and recover their account after its been hacked. Eligible users will be able to access the tool in the YouTube Help
Aug 26, 2024Ravie LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have uncovered new Android malware that can relay victims’ contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware
Qilin, the ransomware group believed to be behind the recent Synnovis attack, has been observed stealing credentials stored in Google Chrome after gaining access to a target’s network. Researchers at Sophos X-Ops, who detected the activity, said this is an unusual tactic for ransomware groups, and one that could be a bonus multiplier for the
Video Phishing using PWAs? ESET Research’s latest discovery might just ruin some users’ assumptions about their preferred platform’s security 23 Aug 2024 ESET researchers have recently revealed an uncommon type of phishing campaign using Progressive Web Apps (PWAs) that targeted the clients of a prominent Czech bank. The technique used installed a phishing application from
Aug 25, 2024Ravie LakshmananLaw Enforcement / Digital Privacy Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said the probe
The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations. The Department of Justice (DoJ) has joined a whistleblower to file a “complaint-in-intervention” against the institutions for “knowingly” failing to implement cybersecurity controls as required by their Department
ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. Key points of this blogpost: Attackers combined standard
Aug 23, 2024Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. “This memory-only dropper decrypts and executes a PowerShell-based downloader,” Google-owned Mandiant said. “This PowerShell-based downloader is being tracked as
A newly discovered malware, Cthulhu Stealer, has been observed targeting macOS users, marking another significant cybersecurity threat to Apple’s operating system. The tool, identified by Cado Security, operates as a malware-as-a-service (MaaS) and leverages Apple disk images (DMG) to disguise itself as legitimate software. How Cthulhu Stealer Works The Cthulhu Stealer primarily focuses on stealing
Business Security Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with Tony Anscombe 21 Aug 2024 • , 3 min. read Governments create legislation and regulations primarily to protect public interests and keep
Aug 23, 2024Ravie LakshmananEndpoint Security / Data Privacy Cybersecurity researchers have uncovered a new information stealer that’s designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS)
A newly discovered remote access Trojan (RAT) family, MoonPeak, has been linked to a North Korean-affiliated threat group known as UAT-5394. This sophisticated malware, based on the open-source XenoRAT, is undergoing active development, showcasing significant enhancements aimed at evading detection and improving functionality, according to recent research from Cisco Talos. Connection to Kimsuky UAT-5394, an
- « Previous Page
- 1
- …
- 12
- 13
- 14
- 15
- 16
- …
- 122
- Next Page »